I know there has been a fair bit of talk about walk-the-tree. Taking a 24h set of data, and trying to measure the number of times where this situation may be warranted. We can try to make a guess the goal is to look for a DMARC policy between the 5322.From which has an unknown number of dotted sections, and the second-level/apex/organizational domain. I extracted the 5322.From and counted the number of "." in the field. So "1" dot, means example.com, "2" means third.example.com, and so on. I included the policy as well, abs(ent)/none/quarantine/reject.
In roughly 86% of cases, the domain of record is in the format of "example.com". In about 13%, we have "third.example.com". The other <1% are other variations. Not exactly sure if this data tells us walking-the-tree is going to be advantageous, but thought I would share with others. Let me know if you have questions, or would like to see different data (that I'd be allowed to share).

Note: This is percentage of messages, not percentage of domains (apologies if the formatting goes sideways)

Num_dots  Policy      PctOfTraffic
--------  ----------  -------------
1         none        60.9147275180
1         abs         11.4060937845
1         reject      10.9984823560
2         quarantine   7.3245642177
1         quarantine   3.1460328512
2         abs          2.5626295515
2         reject       2.1029313056
2         none         1.1140098795
3         abs          0.1924108697
3         reject       0.1362830691
3         none         0.0797639119
3         quarantine   0.0173744076
4         abs          0.0021115047
4         reject       0.0017292496
6         abs          0.0003094447
4         none         0.0002730394
4         quarantine   0.0001092158
5         quarantine   0.0001092158
5         abs          0.0000364053
5         none         0.0000091013
6         none         0.0000091013

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Todd Herr
Sent: Monday, October 25, 2021 3:30 PM
To: IETF DMARC WG <dmarc@ietf.org>
Subject: [dmarc-ietf] Topic for IETF 112 - Policy Discovery

Greetings.

There are, by my count, eleven tickets that are primarily focused on or at least touch on the issue of policy discovery.
A specialized query for them is at this URL - https://urldefense.com/v3/__https://trac.ietf.org/trac/dmarc/report/15__;!!CQl3mcHX2A!VGJAEdJ0DpNqMeFma5x4t8ehOeZpPCdYqZs4Dq9_D2Zja366Lx0pcwqK4DFcSskDWHhaFXGCzA$

The question of policy discovery has a few options as its answer:

• Leave things as they are (meaning look up the policy for the RFC5322.From domain and the organizational domain of that domain if different)
• Add a third lookup for a public suffix domain
• Walk the DNS tree from the RFC5322.From domain all the way to an agreed-upon level in the DNS hierarchy
• Something other than what's listed here

The topic of policy discovery has been proposed for the agenda for the upcoming DMARC session at IETF 112, and so this message should serve to kick off a discussion of the topic now, so that we can have a most productive discussion on the 9th.

Thank you.

--
Todd Herr | Technical Director, Standards and Ecosystem
e: mailto:todd.h...@valimail.com m: 703.220.4153
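
As an added illustration (not part of the thread or any participant's code), the sketch below lists the candidate `_dmarc` names a tree walk would try next to the current From-domain-plus-organizational-domain lookup, and sums the table rows where the walk has intermediate names the current method never queries. It assumes the organizational domain is always the last two labels, following the dot-count reading in the message; a real implementation needs a public suffix list, and `stop_labels` is a hypothetical parameter standing in for the "agreed-upon level".

```python
# Added example, not code from the thread. Assumption: the organizational
# domain is the last two labels; real code must consult a public suffix list.

# (num_dots, policy, pct_of_traffic) rows copied from the table in the message.
ROWS = [
    (1, "none", 60.9147275180), (1, "abs", 11.4060937845),
    (1, "reject", 10.9984823560), (2, "quarantine", 7.3245642177),
    (1, "quarantine", 3.1460328512), (2, "abs", 2.5626295515),
    (2, "reject", 2.1029313056), (2, "none", 1.1140098795),
    (3, "abs", 0.1924108697), (3, "reject", 0.1362830691),
    (3, "none", 0.0797639119), (3, "quarantine", 0.0173744076),
    (4, "abs", 0.0021115047), (4, "reject", 0.0017292496),
    (6, "abs", 0.0003094447), (4, "none", 0.0002730394),
    (4, "quarantine", 0.0001092158), (5, "quarantine", 0.0001092158),
    (5, "abs", 0.0000364053), (5, "none", 0.0000091013),
    (6, "none", 0.0000091013),
]

def _labels(domain):
    return domain.lower().rstrip(".").split(".")

def tree_walk_names(from_domain, stop_labels=2):
    """Candidate names in query order, from the From domain to stop_labels labels."""
    labels = _labels(from_domain)
    last = max(len(labels) - stop_labels, 0)
    return ["_dmarc." + ".".join(labels[i:]) for i in range(last + 1)]

def current_names(from_domain, org_labels=2):
    """Current behaviour: the From domain, then the organizational domain if different."""
    labels = _labels(from_domain)
    exact = "_dmarc." + ".".join(labels)
    org = "_dmarc." + ".".join(labels[-org_labels:])
    return [exact] if exact == org else [exact, org]

def extra_names(from_domain):
    """Intermediate names only the tree walk would query."""
    current = set(current_names(from_domain))
    return [n for n in tree_walk_names(from_domain) if n not in current]

def pct_with_intermediate_lookups(rows=ROWS):
    """Share of traffic (in percent) whose From domain has intermediate names."""
    total = 0.0
    for dots, _policy, pct in rows:
        sample = ".".join(f"l{i}" for i in range(dots + 1))  # constructed name
        if extra_names(sample):
            total += pct
    return total

if __name__ == "__main__":
    print(tree_walk_names("a.b.example.com"))
    print(round(pct_with_intermediate_lookups(), 4))
```

Under the two-label assumption the two methods query the same names for every 1-dot and 2-dot From domain, so only the rows with three or more dots differ.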